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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- if the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- if NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )M Responsive to communication(s) filed on 30 August 2004 , 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) D Claim(s) 18-26 and 28-31 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) D Claim(s) 18-26 and 28-31 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 1 19 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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Status of Claims 

1. Claims 18-26 and 28-31 have been examined. 

Claim Objections 

2. Claim 31 is objected to under 37 CFR 1 .75(c), as being of improper 
dependent form for failing to further limit the subject matter of a previous claim. 
Applicant is required to cancel the claim(s), or amend the claim(s) to place the 
claim(s) in proper dependent form, or rewrite the claim(s) in independent form. 

Claim 28 recites providing account information to a merchant to facilitate a 
transaction. Claim 31, on the other hand, teaches providing a "secondary 
transaction number" in lieu of the account information. 

Claim Rejections - 35 USC §112 

3. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

4. Claims 28-31 are rejected under 35 U.S.C. 112, first paragraph, as failing 
to comply with the enablement requirement. The claim(s) contains subject 
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matter which was not described in the specification in such a way as to enable 
one skilled in the art to which it pertains, or with which it is most nearly 
connected, to make and/or use the invention. 

Claim 28 recites "comparing said signed challenge string and said digital 
certificate". However, the Application only provides support for sending a string 
and a certificate, for example when they are one and the same (Specification 
paragraph 54) (Specification, paragraphs 12, 34, 35, 54 and 57). 

5. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

6. Claims 18-26 and 28-31 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly 
claim the subject matter which applicant regards as the invention. 

a. Claims 18, 23, 26 and 28 recite communicating over "an 
authenticated communication channel". To one of ordinary skill, this is an 
indication that steps were taken to authenticate the channel. However, the 
preceding limitations are silent regarding such an action or actions. Similarly, 
claim 28 refers to a signed challenge string "originating from said user". The 
claim is not clear as the user only provides a challenge string. 

Claims 19-22, 24, 25 and 29-31 are also rejected as they depend from 
claims 18, 23 or 28. 
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b. Claim 28 recites, "comparing said signed challenge string and said 
digital certificate". However, it is not clear to one of ordinary skill what the 
Applicant is intending to claim. The Applicant explicitly teaches that a challenge 
string is a digital certificate (Specification, paragraph 54). Therefore, it is not clear 
how such a comparison is performed, particularly in light of the silence of the 
Applicant's Disclosure. 

Claims 29-31 are also rejected as they depend from claim 28. 

c. Claim 31 recites the limitation "said transaction account number" in 
line 3. There is insufficient antecedent basis for this limitation in the claim. 

d. Claim 31 recites providing a merchant with a transaction number in 
lieu of an account number. However, claim 28 from which claim 31 depends 
requires account information in order to facilitate a transaction between user and 
merchant. Therefore, such a substitution would result in a failed transaction 
according to the teachings of claim 28. 

. 7. Claims 18 and 31 are rejected under 35 U.S.C. 112, second paragraph, as 

being incomplete for omitting essential steps, such omission amounting to a gap 
between the steps. See MPEP § 2172.01. The omitted steps are: creating an 
authenticated channel (Specification, page/line 21/22-22/5). 
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Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 
Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

9. Claim 26 is rejected under 35 U.S.C. 102(b) as being clearly anticipated 
by Payne et al. f U.S. Patent No. 5,715,314. 

As per claim 26, Payne et al. teach a merchant interface system 
comprising means for: 

• communicating with a user and a merchant over a distributed 
network (figure 1) 

• prompting a user to provide authentication information (figures 7 
and 8) 

• receiving and authenticating information from a user (column 6, 
lines 31-59) 

• accessing user account information (figures 2G and H; column 5, 
lines 25-48; column 7, lines 14-39) 

• establishing an authenticated communication channel between a 
host computer and merchant computer (column 5, lines 41-47) 
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• providing account information to the merchant over the 
authenticated channel (figures 2G and H; column 7, lines 14-39) 

Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

11. Claims 18-25 and 28 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Payne et al., U.S. Patent No. 5,715,314 in view of Purpura, 
U.S. Patent No. 6,421,768. 

As per claims 18-25 and 28 Payne et al. teach an online transaction 
system comprising: 

• receiving at a host website (payment computer) an HTTP request 
from a user browser (column 5, lines 25-30; column/line 9/50- 
10/20) 

• sending said user a challenge string (column 6, lines 30-42) and 
authenticating said user by receiving authentication information 
from said user wherein the information corresponds to the user 
account (column 6, lines 30-59) 
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• generating a secondary transaction number associated with a user 
account and using the number to facilitate a transaction between 
merchant and user (column 7, lines 22-30) 

• establishing an authenticated communication channel between the 
host and a merchant (column 7, lines 30-40) 

As per claims 23-25, Payne et al. also teach communicating with a user over a 
distributed network (figure 1), recognizing the presence of an authentication 
device on a user's computer system (figures 1, 4, 7 and 8; column 4, lines 35-37; 
column 7, lines 31-39; column 8, lines 33-38) and receiving account information 
from a host system to facilitate a transaction between merchant and user 
(column 7, lines 22-30). Payne et al. do not specifically recite a merchant 
redirecting a user to a host site. Purpura provides a general teaching for 
redirecting a user from a one computer to another over the internet (column 4, 
lines 46-48 and 50-55). Purpura also discloses standard techniques for 
establishing an "authenticated" channel between computers. For example, 
Purpura discloses basic key or token exchange protocols (e.g. Interlock Protocol) 
where a receiving party confirms the origination of a sent token (e.g. key) 
(column 4, lines 7-16). More integral to Purpura's invention, however, is an 
authentication protocol using basic "redirection". Specifically, Purpura teaches a 
first computer depositing a host system signature in a user browser and a second 
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computer decrypting the signature to authenticate the first computer or host 
system (column/line 3/60-4/6). Therefore, it would have been obvious to one of 
ordinary skill to combine the teachings of Payne et al. and Purpura in order to 
allow a user authenticated on a first computer (e.g. via password- 768, column 3, 
lines 15-36; '314, figure 7) to be securely authenticated on a second site without 
having the user re-authenticate her/himself (768, column 3, lines 38-43). 

12. Claims 21 , 22 and 28-31 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Payne et al., U.S. Patent No. 5,715,314 and Purpura, U.S. 
Patent No. 6,421,768 as applied to claim 21 above, and further in view of Gifford, 
U.S. Patent No. 6,421,768. 

As per claims 21 and 22, Payne et al. teach a secure online transaction 
system between user, merchant and host comprising password strings, 
authenticated channels, and transaction numbers (abstract; figure 1; column 5, 
lines 25-30; column 7, lines 20-40; column/line 9/50-10/20). Purpura provides a 
general teaching for redirecting a user from a one computer to another over the 
internet (column 4, lines 46-48 and 50-55). Purpura also discloses standard 
techniques for establishing an "authenticated" channel between computers 
(column 4, lines 7-16). However, neither Payne et al. nor Purpura explicitly recite 
smart cards. Gifford teaches entering a personal identification number and 
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inserting a smart card into a smart card reader (figure 4; column/line 10/54-1 1/8). 
Gifford also teaches authenticating users by receiving user authentication 
information such as a signed challenge string and a digital certificate (column 10, 
lines 30-53). Therefore, it would have been obvious to one of ordinary skill to 
combine the teachings of Payne et al., Purpura and Gifford in order more 
securely convey private data ('424, column/line 10/54-11/8). 

As per claims 28-30, Payne et al. teach a buyer, merchant and host linked 
over a network (figure 1 ) and a user logging onto a system (figure 7). Payne et al. 
also teach retrieving account information, such as an account number, and 
providing said number to a merchant (column 7, lines 14-39). As per claim 31, as 
the merchant is not provided with the account number, Payne et al. also teach 
providing a merchant with a secondary transaction number (column 7, lines 14- 
39) instead of an account number such as a credit card number (column 6, lines 
23-25). Purpura provides a general teaching for conducting three party 
communication over a network by redirecting a user from one website (merchant) 
to another (host) (column 4, lines 46-48 and 50-55). In this manner, when a user 
passes data, such as a challenge string, to the host, it goes through the 
merchant website (column 4, lines 45-62; column 5, lines 3-34). Gifford teaches 
entering a personal identification number and inserting a smart card into a smart 
card reader (figure 4; column/line 10/54-1 1/8). Gifford also teaches 
authenticating users by receiving user authentication information such as a 
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singed challenge string and a digital certificate (column 10, lines 30-53). 
Therefore, it would have been obvious to one of ordinary skill to combine the 
teachings of Payne et al., Purpura and Gifford in order more securely convey 
private data ('424, column/line 10/54-11/8). 

Conclusion 

13. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

• Bezos et al. teach redirecting a user from a first website to a second 
website 

• Linehan teaches allowing a user to access a third party through a 
second party in order to complete a transaction 

14. Any inquiry concerning this communication or earlier communications from 
the Examiner should be directed to Calvin Loyd Hewitt II whose telephone 
number is (703) 308-8057. The Examiner can normally be reached on Monday- 
Friday from 8:30 AM-5:00 PM. 

If attempts to reach the Examiner by telephone are unsuccessful, the 
Examiner's supervisor, James P. Trammell, can be reached at (703) 305-9768. 
Any response to this action should be mailed to: 
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Commissioner of Patents and Trademarks 
c/o Technology Center 2100 
Washington, D.C. 20231 

or faxed to: 

(703) 305-7687 (for formal communications intended for entry and 
after-final communications), 

or: 

(703) 746-5532 (for informal or draft communications, please label 
"PROPOSED" or "DRAFT") 

Hand-delivered responses should be brought to Crystal Park 5, 
2451 Crystal Drive, 7th Floor Receptionist. 

Any inquiry of a general nature or relating to the status of this application 
should be directed to the Group receptionist whose telephone number is (703) 
308-1113. 




